Hello,

Didier 'OdyX' Raboud <odyx@debian.org> (06/03/2012):
> as I noticed from the PTS that foomatic-filters is still affected by
> CVE-2011-2924 on stable, here I am with a stable upload (I went to the
> Security Team first and got asked to go through a Point update instead).
>
> (Note that the last upload of foomatic-filters to stable-security was to
> fix the similar but not same CVE-2011-2964.)
>
> The proposed patch (and full debdiff, but it's a diff-of-diff) is
> attached as CVE-2011-2924.patch and was verbatim backported from the
> upstream VCS at [ff256]. The proposed changelog is as follows:
>
> foomatic-filters (4.0.5-6+squeeze2) stable; urgency=low
>
>   * Fix CVE-2011-2924
>     "foomatic-rip (debug mode) insecure temporary file use in renderer
>     command line by processing PostScript data"
>     - Backport debian/patches/CVE-2011-2924.patch from upstream, add
>       DEP-3 headers.
>
> Opinions?

I think a reference to a Debian bug would be nice to have. Adam?

(From the security tracker it looks like unstable and testing aren't
affected: http://security-tracker.debian.org/tracker/CVE-2011-2924)

Doesn't look too bad otherwise. No error checking for mktemp in the last
hunk, though…

Mraw,
KiBi.